More on KentOnline
A Kent man has been arrested after fraudsters accessed customers' personal data from a mobile network and used it to steal phones.
The data breach happened at Three and the criminals stole information including the names and addresses of customers were who were due an upgrade on their phone.
The information, gathered using authorised logins, was then reportedly used to order new iPhones and Samsung phones, which the fraudsters intercepted before they reached the customers.
Eight phones were reportedly stolen using this method.
A 48-year-old man from Orpington was arrested by the National Crime Agency on Wednesday on suspicion of computer misuse offences.
Officers also arrested a 39-year old man from Ashton-under-Lyne, Manchester, on the same charge and a 35-year old man from Moston, Manchester, on suspicion of attempting to pervert the course of justice.
All three men have been bailed pending further inquiries.
A spokesman for Three has ensured its 9 million customers their financial information was not stored on the system that was affected.
He said: "Over the last four weeks Three has seen an increasing level of attempted handset fraud.
"This has been visible through higher levels of burglaries of retail stores and attempts to unlawfully intercept upgrade devices.
"We've been working closely with the police and relevant authorities.
"To date, we have confirmed approximately 400 high-value handsets have been stolen through burglaries and eight devices have been illegally obtained through the upgrade activity.
"The investigation is ongoing and we have taken a number of steps to further strengthen our controls.
"In order to commit this type of upgrade handset fraud, the perpetrators used authorised logins to Three's upgrade system.
"This upgrade system does not include any customer payment, card information or bank account information."
The spokesman said the eight customers whose details were used in the upgrade fraud have already been contacted.
A NCA spokesman said she was not able to comment on the ongoing investigation.
This news is likely to concern customers who remember the attack on the TalkTalk website last year personal data, including bank details, of almost 160,000 customers was accessed.
The Information Commissioner's Office fined the company £400,000 for failing to adequately protect its customers' information.